WordPress Plugin Vulnerabilities

Paid Memberships Pro < 2.9.12 - Subscriber+ SQL Injection

Description

The plugin does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.

Proof of Concept

Affects Plugins

Plugin icon
paid-memberships-pro
Fixed in 2.9.12

References

CVE
CVE-2023-0631

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
Marc Montpas
Submitter
Marc Montpas
Submitter website
https://wpscan.com
Submitter twitter
marcS0H
Verified
Yes
WPVDB ID
19ef92fd-b493-4488-91f0-e6ba51362f79

Timeline

Publicly Published
2023-02-27 (about 2 years ago)
Added
2023-02-27 (about 2 years ago)
Last Updated
2023-02-27 (about 2 years ago)

Other

Published
Title
Published
2025-06-16
Title
Blog2Social < 8.4.5 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter
Published
2021-07-23
Title
Alipay <= 3.7.2 - Authenticated SQL Injection
Published
2025-07-01
Title
LifterLMS < 8.0.7 - Unauthenticated SQL Injection
Published
2024-04-03
Title
REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection
Published
2022-01-04
Title
Futurio Extra < 1.6.3 - Authenticated SQL Injection